<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="zh-CN" lang="zh-CN">
<head>
	<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
	<meta name="viewport" content="width=device-width, initial-scale=1.0">
	<meta name="keywords" content="SecWiki，维基，安全，资讯，专题，导航，RSS聚合，Ｗeb安全，Ｗeb安全，移动平台，二进制安全，恶意分析，网络安全，设备安全，运维技术，编程技术，书籍推荐">
	<title>SecWiki周刊（第149期)</title>
	<link rel="stylesheet" type="text/css" href="https://secwiki.b0.upaiyun.com/css/bootstrap.css"/>
    <link rel="stylesheet" type="text/css" href="https://secwiki.b0.upaiyun.com/css/styles.css" />
    <link rel="stylesheet" type="text/css" href="https://secwiki.b0.upaiyun.com/css/people.css" />
    <link rel="shortcut icon" href="https://secwiki.b0.upaiyun.com/img/favicon.ico">
	<meta name="viewport" content="width=device-width, initial-scale=1.0" />
    <script src="//upcdn.b0.upaiyun.com/libs/jquery/jquery-1.8.3.min.js"></script>
</head>

<body>
<div class="navbar navbar-fixed-top"><div class="navbar-inner"><div class="container"><a class="btn btn-navbar" data-toggle="collapse" data-target="#yii_bootstrap_collapse_0"><span class="icon-bar"></span><span class="icon-bar"></span><span class="icon-bar"></span></a><a href="/index.php" class="brand"><img src="https://secwiki.b0.upaiyun.com/logo.jpg" alt="" /></a><div class="nav-collapse collapse" id="yii_bootstrap_collapse_0"><form class="navbar-search pull-right" action="/news/search">
         <input type="text" class="search-query span2" name="wd" placeholder="SecWiki">
        </form>
    	<ul id="yw0" class="nav"><li><a href="/index.php">首页</a></li><li><a href="/event">新闻</a></li><li><a href="/news">技术</a></li><li><a href="/skill">技能</a></li><li><a href="/topic">专题</a></li><li><a href="/book">书籍</a></li><li><a href="/user/members">成员</a></li><li><a href="/opml/index">聚合</a></li><li><a href="/tougao/create">投稿</a></li></ul></div></div></div></div>
<div class="container" id="page">
			<!-- breadcrumbs -->
	
    <div style="margin-left: 15px;">
	    <div class="row-fluid">
    <div id="content">
            <link rel="stylesheet" type="text/css" href="/css/mweekly.css"/>

<h5><strong>SecWiki周刊（第149期）</strong></h5>
<blockquote> 2017/01/02-2017/01/08</blockquote>
<section id="news">
    <div class="weeklydivide">
      <strong>安全资讯</strong>
    </div><div class="single"><span id="tags">[新闻]&nbsp;&nbsp;</span>美情报机构：俄罗斯涉嫌通过黑客攻击和散步虚假消息干预美国大选<br><a target="_blank" href="http://www.freebuf.com/news/124662.html">http://www.freebuf.com/news/124662.html</a></div><div class="single"><span id="tags">[人物]&nbsp;&nbsp;</span>杨大路：威胁情报版“今日头条”该怎么做<br><a target="_blank" href="https://mp.weixin.qq.com/s?__biz=MzIzMTAzNzUxMQ==&amp;mid=2652877355&amp;idx=1&amp;sn=a5a80a487b502bf778b18506249beb90&amp;chksm=f3415d03c436d415b22ecc601f84450aa76dfad8a3a758e08dc06b7a100bbc53aeaf21e15ad3">https://mp.weixin.qq.com/s?__biz=MzIzMTAzNzUxMQ==&amp;mid=2652877355&amp;idx=1&amp;sn=a5a80a487b502bf778b18506249beb90&amp;chksm=f3415d03c436d415b22ecc601f84450aa76dfad8a3a758e08dc06b7a100bbc53aeaf21e15ad3</a></div><div class="single"><span id="tags">[事件]&nbsp;&nbsp;</span>Cyber​​Zeist入侵FBI网站并泄露部分数据<br><a target="_blank" href="http://www.mottoin.com/95023.html">http://www.mottoin.com/95023.html</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>国际航空订票系统存在漏洞，可轻易取消、修改航班预约<br><a target="_blank" href="http://www.freebuf.com/news/124348.html">http://www.freebuf.com/news/124348.html</a></div><div class="single"><span id="tags">[新闻]&nbsp;&nbsp;</span>《中国网络安全企业50强》（2016年下）发布<br><a target="_blank" href="https://mp.weixin.qq.com/s?__biz=MjM5Njc3NjM4MA==&amp;mid=2651069981&amp;idx=1&amp;sn=4e643b78aec9216406dd9a87464b150a&amp;chksm=bd14aece8a6327d81168a5e8758d1c3acd4272dba5064203f4eba715a07df24be59811d6048c">https://mp.weixin.qq.com/s?__biz=MjM5Njc3NjM4MA==&amp;mid=2651069981&amp;idx=1&amp;sn=4e643b78aec9216406dd9a87464b150a&amp;chksm=bd14aece8a6327d81168a5e8758d1c3acd4272dba5064203f4eba715a07df24be59811d6048c</a></div><div class="single"><span id="tags">[设备安全]&nbsp;&nbsp;</span>The FTC’s Internet of Things (IoT) Challenge<br><a target="_blank" href="http://krebsonsecurity.com/2017/01/the-ftcs-internet-of-things-iot-challenge/">http://krebsonsecurity.com/2017/01/the-ftcs-internet-of-things-iot-challenge/</a></div><div class="single"><span id="tags">[新闻]&nbsp;&nbsp;</span>廊坊历险记 -- 传销窝点救人纪实<br><a target="_blank" href="http://weibo.com/ttarticle/p/show?id=2309404060928751575242">http://weibo.com/ttarticle/p/show?id=2309404060928751575242</a></div><div class="single"><span id="tags">[观点]&nbsp;&nbsp;</span>在百度：如何做好企业安全这门生意？<br><a target="_blank" href="https://mp.weixin.qq.com/s?__biz=MzAxMjIyNDE4Mg==&amp;mid=2651758564&amp;idx=1&amp;sn=1d63e419706179bbbfc1c2de5ae115a8&amp;chksm=804f2c3db738a52b5d5a7edb47cf017b4cf5c50725d78165cab710acf6145676cd4a21f1a9cb&amp;mpshare=1">https://mp.weixin.qq.com/s?__biz=MzAxMjIyNDE4Mg==&amp;mid=2651758564&amp;idx=1&amp;sn=1d63e419706179bbbfc1c2de5ae115a8&amp;chksm=804f2c3db738a52b5d5a7edb47cf017b4cf5c50725d78165cab710acf6145676cd4a21f1a9cb&amp;mpshare=1</a></div></section><section id="news">
    <div class="weeklydivide">
      <strong>安全技术</strong>
    </div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>端口渗透总结<br><a target="_blank" href="http://www.91ri.org/15441.html">http://www.91ri.org/15441.html</a></div><div class="single"><span id="tags">[会议]&nbsp;&nbsp;</span>2016 GIAC 全球互联网架构大会圆满结束，全部 PPT 开放下载<br><a target="_blank" href="http://mp.weixin.qq.com/s/daAZ1tmcpsZt4pHdAW3oWg">http://mp.weixin.qq.com/s/daAZ1tmcpsZt4pHdAW3oWg</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>SQLChop - 一个新型 SQL 注入检测引擎<br><a target="_blank" href="https://blog.chaitin.cn/sqlchop-the-sqli-detection-engine/">https://blog.chaitin.cn/sqlchop-the-sqli-detection-engine/</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>Python 格式化字符串漏洞（Django为例）<br><a target="_blank" href="http://bobao.360.cn/learning/detail/3374.html">http://bobao.360.cn/learning/detail/3374.html</a></div><div class="single"><span id="tags">[工具]&nbsp;&nbsp;</span>内网渗透的一些工具和平台汇总<br><a target="_blank" href="http://www.mottoin.com/95177.html">http://www.mottoin.com/95177.html</a></div><div class="single"><span id="tags">[运维安全]&nbsp;&nbsp;</span>GitPrey: GitHub敏感信息扫描工具<br><a target="_blank" href="https://github.com/repoog/GitPrey">https://github.com/repoog/GitPrey</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>SSRF漏洞的挖掘经验<br><a target="_blank" href="https://sobug.com/article/detail/11">https://sobug.com/article/detail/11</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>dedeCMS友情链接getshell漏洞分析<br><a target="_blank" href="http://www.hackdig.com/01/hack-42372.htm">http://www.hackdig.com/01/hack-42372.htm</a></div><div class="single"><span id="tags">[数据挖掘]&nbsp;&nbsp;</span>基于Spark GraphX实现微博二度关系推荐实践<br><a target="_blank" href="http://weibo.com/ttarticle/p/show?id=2309404060500571876390">http://weibo.com/ttarticle/p/show?id=2309404060500571876390</a></div><div class="single"><span id="tags">[会议]&nbsp;&nbsp;</span>2016 GIAC 全球互联网架构大会圆满结束[PPT+视频]<br><a target="_blank" href="https://mp.weixin.qq.com/s?__biz=MjM5NjQ4MjYwMQ==&amp;mid=2664608640&amp;idx=2&amp;sn=446ba28dcbec21d1ed739c2e8bb1714b&amp;chksm=bdce88c68ab901d04385aa5fd4d974a97bad02045ba0fa4ff411fb9577ea9612e0e168a7f6ef">https://mp.weixin.qq.com/s?__biz=MjM5NjQ4MjYwMQ==&amp;mid=2664608640&amp;idx=2&amp;sn=446ba28dcbec21d1ed739c2e8bb1714b&amp;chksm=bdce88c68ab901d04385aa5fd4d974a97bad02045ba0fa4ff411fb9577ea9612e0e168a7f6ef</a></div><div class="single"><span id="tags">[文档]&nbsp;&nbsp;</span>FIT 2017台前幕后大揭秘（附大会议题PPT）<br><a target="_blank" href="http://www.freebuf.com/news/topnews/124133.html">http://www.freebuf.com/news/topnews/124133.html</a></div><div class="single"><span id="tags">[移动安全]&nbsp;&nbsp;</span>2017年最好用的Android渗透工具合集<br><a target="_blank" href="http://www.freebuf.com/sectool/124507.html">http://www.freebuf.com/sectool/124507.html</a></div><div class="single"><span id="tags">[会议]&nbsp;&nbsp;</span>33C3: Works for Me 中文翻译版 <br><a target="_blank" href="http://hardenedlinux.org/translation/2017/01/03/33c3-works-for-me.html">http://hardenedlinux.org/translation/2017/01/03/33c3-works-for-me.html</a></div><div class="single"><span id="tags">[设备安全]&nbsp;&nbsp;</span>《物联网安全白皮书》<br><a target="_blank" href="http://toutiao.secjia.com/nsfocus-iot-security-whitepaper-ppt">http://toutiao.secjia.com/nsfocus-iot-security-whitepaper-ppt</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>Linux MySQL Udf 提权<br><a target="_blank" href="http://www.91ri.org/16540.html">http://www.91ri.org/16540.html</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>【EXP】VMware vSphere Data Protection CVE-2016-7456 Authentication Bypass<br><a target="_blank" href="https://github.com/phroxvs/metasploit-framework/blob/exploit_vdp_known_privkey/modules/exploits/linux/ssh/vmware_vdp_known_privkey.rb">https://github.com/phroxvs/metasploit-framework/blob/exploit_vdp_known_privkey/modules/exploits/linux/ssh/vmware_vdp_known_privkey.rb</a></div><div class="single"><span id="tags">[数据挖掘]&nbsp;&nbsp;</span>Deep Learning Security Papers  深度学习与安全<br><a target="_blank" href="http://www.covert.io/deep-learning-security-papers/">http://www.covert.io/deep-learning-security-papers/</a></div><div class="single"><span id="tags">[比赛]&nbsp;&nbsp;</span>CTFCrackTools: 中国国内首个CTFcrack框架<br><a target="_blank" href="https://github.com/0Linchen/CTFCrackTools">https://github.com/0Linchen/CTFCrackTools</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>Kernel Exploitation -&gt; Pool Overflow<br><a target="_blank" href="http://www.fuzzysecurity.com/tutorials/expDev/20.html">http://www.fuzzysecurity.com/tutorials/expDev/20.html</a></div><div class="single"><span id="tags">[会议]&nbsp;&nbsp;</span>My favorite DFIR(Digital Forensics and Incident Response) presentations for 2016<br><a target="_blank" href="https://threatintel.eu/2016/12/30/my-favorite-dfir-presentations-for-2016/">https://threatintel.eu/2016/12/30/my-favorite-dfir-presentations-for-2016/</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>e107 CMS &lt;=2.1.2 权限提升漏洞分析<br><a target="_blank" href="http://bobao.360.cn/learning/detail/3368.html">http://bobao.360.cn/learning/detail/3368.html</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>SRC漏洞挖掘小见解<br><a target="_blank" href="http://www.mottoin.com/95043.html">http://www.mottoin.com/95043.html</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>通过Burp Collaborator插件利用SQL盲注<br><a target="_blank" href="http://www.mottoin.com/95010.html">http://www.mottoin.com/95010.html</a></div><div class="single"><span id="tags">[取证分析]&nbsp;&nbsp;</span>基于 IP 地址的种子下载历史查询<br><a target="_blank" href="http://iknowwhatyoudownload.com/en/peer/">http://iknowwhatyoudownload.com/en/peer/</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>BurpSuite插件开发Tips：请求响应参数的AES加解密<br><a target="_blank" href="http://www.mottoin.com/95091.html">http://www.mottoin.com/95091.html</a></div><div class="single"><span id="tags">[运维安全]&nbsp;&nbsp;</span>Invoke-TheHash：执行WMI和SMB命令的PowerShell脚本<br><a target="_blank" href="http://www.mottoin.com/94990.html">http://www.mottoin.com/94990.html</a></div><div class="single"><span id="tags">[编程技术]&nbsp;&nbsp;</span>scrapy爬虫教程导航 <br><a target="_blank" href="http://brucedone.com/archives/771">http://brucedone.com/archives/771</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>DOOM：分布式任务分发IP端口漏洞扫描器<br><a target="_blank" href="http://www.mottoin.com/94946.html">http://www.mottoin.com/94946.html</a></div><div class="single"><span id="tags">[其它]&nbsp;&nbsp;</span>我的通行你的证<br><a target="_blank" href="http://lvwei.me/passport.html">http://lvwei.me/passport.html</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>DomainSeeker 多方式收集目标子域名信息<br><a target="_blank" href="http://www.evilclay.com/2017/01/02/domain-seeker%E4%BA%8C%E7%BA%A7%E5%9F%9F%E5%90%8D%E6%94%B6%E9%9B%86%E8%84%9A%E6%9C%AC/">http://www.evilclay.com/2017/01/02/domain-seeker%E4%BA%8C%E7%BA%A7%E5%9F%9F%E5%90%8D%E6%94%B6%E9%9B%86%E8%84%9A%E6%9C%AC/</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>Data Retrieval over DNS in SQL Injection Attacks<br><a target="_blank" href="https://arxiv.org/ftp/arxiv/papers/1303/1303.3047.pdf">https://arxiv.org/ftp/arxiv/papers/1303/1303.3047.pdf</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>内网如何定位管理员<br><a target="_blank" href="https://www.secpulse.com/archives/32859.html">https://www.secpulse.com/archives/32859.html</a></div><div class="single"><span id="tags">[设备安全]&nbsp;&nbsp;</span>自助终端机的常见入侵方式<br><a target="_blank" href="https://www.t00ls.net/articles-24444.html">https://www.t00ls.net/articles-24444.html</a></div><div class="single"><span id="tags">[设备安全]&nbsp;&nbsp;</span>iotdb: Nmap scans of Internet of Things devices<br><a target="_blank" href="https://github.com/shodan-labs/iotdb">https://github.com/shodan-labs/iotdb</a></div><div class="single"><span id="tags">[取证分析]&nbsp;&nbsp;</span>如何全面防御Webshell（下）<br><a target="_blank" href="http://www.4hou.com/technology/2301.html">http://www.4hou.com/technology/2301.html</a></div><div class="single"><span id="tags">[运维安全]&nbsp;&nbsp;</span>黑产：“打码平台”与“羊毛党”<br><a target="_blank" href="https://mp.weixin.qq.com/s?__biz=MjM5OTk4MDE2MA==&amp;mid=2655113653&amp;idx=3&amp;sn=223564a3bfa669f5d8fff887c136a2db&amp;chksm=bc864c5a8bf1c54cf51e9f7ee392f66d5bca3ae5dc5e897bb4e85af5ce648324253af10e4905&amp;mpshare=1&amp;scene=1&amp;srcid=0102epege22xuYhr2sFuGqhw">https://mp.weixin.qq.com/s?__biz=MjM5OTk4MDE2MA==&amp;mid=2655113653&amp;idx=3&amp;sn=223564a3bfa669f5d8fff887c136a2db&amp;chksm=bc864c5a8bf1c54cf51e9f7ee392f66d5bca3ae5dc5e897bb4e85af5ce648324253af10e4905&amp;mpshare=1&amp;scene=1&amp;srcid=0102epege22xuYhr2sFuGqhw</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>美团点评数据库中间件DBProxy开源<br><a target="_blank" href="http://tech.meituan.com/dbproxy-pr.html">http://tech.meituan.com/dbproxy-pr.html</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>SQLMap Tamper Scripts Update ~ ForkBombers<br><a target="_blank" href="http://www.forkbombers.com/2016/07/sqlmap-tamper-scripts-update.html">http://www.forkbombers.com/2016/07/sqlmap-tamper-scripts-update.html</a></div><div class="single"><span id="tags">[其它]&nbsp;&nbsp;</span>FBI Hacked and Leaked -New Year wishes from Anonymous[需翻墙]<br><a target="_blank" href="http://pastebin.com/5vwz6Wj4">http://pastebin.com/5vwz6Wj4</a></div><div class="single"><span id="tags">[设备安全]&nbsp;&nbsp;</span>网络安全强国-以色列的工控安全之路<br><a target="_blank" href="http://plcscan.org/blog/2017/01/development-path-of-ics-cybersecurity-in-israel/">http://plcscan.org/blog/2017/01/development-path-of-ics-cybersecurity-in-israel/</a></div><div class="single"><span id="tags">[移动安全]&nbsp;&nbsp;</span>安卓Hook函数的复杂参数如何给定<br><a target="_blank" href="https://xianzhi.aliyun.com/forum/read/611.html">https://xianzhi.aliyun.com/forum/read/611.html</a></div><div class="single"><span id="tags">[数据挖掘]&nbsp;&nbsp;</span>The Definitive Security Data Science and Machine Learning Guide<br><a target="_blank" href="http://www.covert.io/the-definitive-security-datascience-and-machinelearning-guide/">http://www.covert.io/the-definitive-security-datascience-and-machinelearning-guide/</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>40+ Intentionally Vulnerable Websites To (Legally) Practice Your Hacking Skills<br><a target="_blank" href="https://www.bonkersabouttech.com/com.bonkersabouttech.model.response.BlogCategory@1e5325/40-intentionally-vulnerable-websites-to-practice-your-hacking-skills/392">https://www.bonkersabouttech.com/com.bonkersabouttech.model.response.BlogCategory@1e5325/40-intentionally-vulnerable-websites-to-practice-your-hacking-skills/392</a></div><div class="single"><span id="tags">[无线安全]&nbsp;&nbsp;</span>安卓无线渗透利器：Hijacker<br><a target="_blank" href="http://www.freebuf.com/sectool/124156.html">http://www.freebuf.com/sectool/124156.html</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>浅析ReDoS的原理与实践<br><a target="_blank" href="http://www.freebuf.com/articles/network/124422.html">http://www.freebuf.com/articles/network/124422.html</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>Exploiting difficult SQL injection vulnerabilities using sqlmap: Part 1<br><a target="_blank" href="http://www.thegreycorner.com/2017/01/exploiting-difficult-sql-injection.html">http://www.thegreycorner.com/2017/01/exploiting-difficult-sql-injection.html</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>33c32016 writeup<br><a target="_blank" href="http://lorexxar.cn/2017/01/03/33c3-wp/">http://lorexxar.cn/2017/01/03/33c3-wp/</a></div><div class="single"><span id="tags">[工具]&nbsp;&nbsp;</span>mitmAP：创建假AP和嗅探数据的简单工具<br><a target="_blank" href="http://www.mottoin.com/94979.html">http://www.mottoin.com/94979.html</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>FirePhisha: full-fledged phishing framework to manage all phishing engagements<br><a target="_blank" href="https://github.com/Raikia/FirePhish">https://github.com/Raikia/FirePhish</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>WEB2PY 反序列化的安全問題－CVE-2016-3957 <br><a target="_blank" href="http://devco.re/blog/2017/01/03/web2py-unserialize-code-execution-CVE-2016-3957/">http://devco.re/blog/2017/01/03/web2py-unserialize-code-execution-CVE-2016-3957/</a></div><div class="single"><span id="tags">[取证分析]&nbsp;&nbsp;</span>How to turn a DLL into a standalone EXE<br><a target="_blank" href="https://hshrzd.wordpress.com/2016/07/21/how-to-turn-a-dll-into-a-standalone-exe/">https://hshrzd.wordpress.com/2016/07/21/how-to-turn-a-dll-into-a-standalone-exe/</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>Open Source Malware Lab 相关开源系统介绍[论文+视频]<br><a target="_blank" href="https://www.virusbulletin.com/blog/2017/01/vb2016-paper-open-source-malware-lab/">https://www.virusbulletin.com/blog/2017/01/vb2016-paper-open-source-malware-lab/</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>[Bug Bounty] GitHub Enterprise SQL Injection<br><a target="_blank" href="http://blog.orange.tw/2017/01/bug-bounty-github-enterprise-sql-injection.html">http://blog.orange.tw/2017/01/bug-bounty-github-enterprise-sql-injection.html</a></div><div class="single"><span id="tags">[设备安全]&nbsp;&nbsp;</span>对斐讯Fir302B路由器进行的渗透测试<br><a target="_blank" href="http://www.freebuf.com/articles/terminal/124069.html">http://www.freebuf.com/articles/terminal/124069.html</a></div><div class="single"><span id="tags">[设备安全]&nbsp;&nbsp;</span>物联网安全切入点（后有白皮书下载链接）<br><a target="_blank" href="http://www.secjia.com/report/NSFOCUS-IoT-Security-Whitepaper.pdf">http://www.secjia.com/report/NSFOCUS-IoT-Security-Whitepaper.pdf</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>Oracle的酒店管理平台RCE漏洞以及持卡人数据泄漏（CVE-2016-5663/4/5）<br><a target="_blank" href="http://www.freebuf.com/vuls/123989.html">http://www.freebuf.com/vuls/123989.html</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>Technical analysis of CryptoMix/CryptFile2 ransomware<br><a target="_blank" href="https://www.cert.pl/en/news/single/technical-analysis-of-cryptomixcryptfile2-ransomware/">https://www.cert.pl/en/news/single/technical-analysis-of-cryptomixcryptfile2-ransomware/</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>Safari Reader UXSS<br><a target="_blank" href="http://alf.nu/SafariReaderUXSS">http://alf.nu/SafariReaderUXSS</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>RESTful架构风格下的4大常见安全问题<br><a target="_blank" href="https://mp.weixin.qq.com/s?__biz=MjM5MjY3OTgwMA==&amp;mid=2652455776&amp;idx=1&amp;sn=047aea9144db8cf242e253083a0796a6&amp;chksm=bd4f71778a38f861bd9399e96cf96a3d5f10a2cfbd73a8c5056c03335abd2baf73d61889c17c">https://mp.weixin.qq.com/s?__biz=MjM5MjY3OTgwMA==&amp;mid=2652455776&amp;idx=1&amp;sn=047aea9144db8cf242e253083a0796a6&amp;chksm=bd4f71778a38f861bd9399e96cf96a3d5f10a2cfbd73a8c5056c03335abd2baf73d61889c17c</a></div><div class="single"><span id="tags">[其它]&nbsp;&nbsp;</span>Comprehensive insider threat mitigation resource list <br><a target="_blank" href="http://www.nationalinsiderthreatsig.org/nitsig-insiderthreatsymposiumexporesources.html">http://www.nationalinsiderthreatsig.org/nitsig-insiderthreatsymposiumexporesources.html</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>PentesterLab 的 Padding Oracle 漏洞靶机测试<br><a target="_blank" href="http://www.mottoin.com/94991.html">http://www.mottoin.com/94991.html</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>使用Golang绕过杀毒软件<br><a target="_blank" href="http://www.mottoin.com/95161.html">http://www.mottoin.com/95161.html</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>Binary Ninja plugin to decompile binaries using RetDec API<br><a target="_blank" href="https://github.com/hugsy/binja-retdec">https://github.com/hugsy/binja-retdec</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>SMB Relay with Snarf<br><a target="_blank" href="https://bluescreenofjeff.com/2016-02-19-smb-relay-with-snarfjs-making-the-most-of-your-mitm/">https://bluescreenofjeff.com/2016-02-19-smb-relay-with-snarfjs-making-the-most-of-your-mitm/</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span> Python script to inject existing Android applications with a Meterpreter payloa<br><a target="_blank" href="https://github.com/sensepost/kwetza">https://github.com/sensepost/kwetza</a></div><div class="single"><span id="tags">[运维安全]&nbsp;&nbsp;</span>ipscan: Angry IP Scanner<br><a target="_blank" href="https://github.com/angryziber/ipscan">https://github.com/angryziber/ipscan</a></div><div class="single"><span id="tags">[移动安全]&nbsp;&nbsp;</span>Technical details on the Fancy Bear Android malware (poprd30.apk) <br><a target="_blank" href="http://blog.crysys.hu/2017/01/technical-details-on-the-fancy-bear-android-malware-poprd30-apk/">http://blog.crysys.hu/2017/01/technical-details-on-the-fancy-bear-android-malware-poprd30-apk/</a></div><div class="single"><span id="tags">[运维安全]&nbsp;&nbsp;</span>6步教你搞定网络威胁建模<br><a target="_blank" href="https://mp.weixin.qq.com/s?__biz=MzI4MjA1MzkyNA==&amp;mid=2655294723&amp;idx=3&amp;sn=4c6cbe71c8c3a59bbc5a3233d68bff20&amp;chksm=f02fe948c758605e1bc05ed09516c472ad2ce31e50b3c8164ec9ecc833fc0bcf66923c6291ff">https://mp.weixin.qq.com/s?__biz=MzI4MjA1MzkyNA==&amp;mid=2655294723&amp;idx=3&amp;sn=4c6cbe71c8c3a59bbc5a3233d68bff20&amp;chksm=f02fe948c758605e1bc05ed09516c472ad2ce31e50b3c8164ec9ecc833fc0bcf66923c6291ff</a></div><div class="single"><span id="tags">[设备安全]&nbsp;&nbsp;</span>IoT Home Inspector Challenge 物联网安全防护工具大赛<br><a target="_blank" href="https://www.ftc.gov/iot-home-inspector-challenge">https://www.ftc.gov/iot-home-inspector-challenge</a></div><div class="single"><span id="tags">[设备安全]&nbsp;&nbsp;</span>IoT Trust Framework: The foundation for future IoT certification programs<br><a target="_blank" href="https://www.helpnetsecurity.com/2017/01/05/iot-trust-framework/">https://www.helpnetsecurity.com/2017/01/05/iot-trust-framework/</a></div><div class="single"><span id="tags">[运维安全]&nbsp;&nbsp;</span>2016年数据泄露年度汇总<br><a target="_blank" href="https://www.t00ls.net/articles-37542.html">https://www.t00ls.net/articles-37542.html</a></div><div class="single"><span id="tags">[编程技术]&nbsp;&nbsp;</span>The Beauty of Python Programming 「Python入门开源书籍」<br><a target="_blank" href="https://funhacks.net/explore-python/">https://funhacks.net/explore-python/</a></div><div class="single"><span id="tags">[工具]&nbsp;&nbsp;</span>PowerShell Empire | Building an Empire with PowerShell<br><a target="_blank" href="http://www.powershellempire.com/">http://www.powershellempire.com/</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>持久化 XSS：被 ServiceWorkers 支配的恐惧<br><a target="_blank" href="http://www.mottoin.com/95058.html">http://www.mottoin.com/95058.html</a></div><div class="single"><span id="tags">[移动安全]&nbsp;&nbsp;</span>Mac Malware of 2016: a cumulative analysis of new OS X malware<br><a target="_blank" href="http://objective-see.com/blog/blog_0x16.html">http://objective-see.com/blog/blog_0x16.html</a></div><div class="single"><span id="tags">[数据挖掘]&nbsp;&nbsp;</span>基于Spark的公安大数据实时运维技术实践<br><a target="_blank" href="http://mp.weixin.qq.com/s?__biz=MzA4Mzc0NjkwNA==&amp;mid=2650781974&amp;idx=2&amp;sn=e07c921425016ec1f626dbada6caed6a&amp;chksm=87fad021b08d593726b97819c668d7fb51f2fb4a86bb1aef2b13cc9cb09d703bf3b2bba2d7d7">http://mp.weixin.qq.com/s?__biz=MzA4Mzc0NjkwNA==&amp;mid=2650781974&amp;idx=2&amp;sn=e07c921425016ec1f626dbada6caed6a&amp;chksm=87fad021b08d593726b97819c668d7fb51f2fb4a86bb1aef2b13cc9cb09d703bf3b2bba2d7d7</a></div><div class="single"><span id="tags">[移动安全]&nbsp;&nbsp;</span>mach portal漏洞利用的一些细节<br><a target="_blank" href="http://blog.pangu.io/mach-portal-details/">http://blog.pangu.io/mach-portal-details/</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>如何绕过杀毒软件运行Mimikatz<br><a target="_blank" href="http://www.mottoin.com/95145.html">http://www.mottoin.com/95145.html</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>US Govt Data Shows Russia Used Outdated Ukrainian PHP Malware<br><a target="_blank" href="https://www.wordfence.com/blog/2016/12/russia-malware-ip-hack/">https://www.wordfence.com/blog/2016/12/russia-malware-ip-hack/</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>33C3: Analyzing Embedded Operating System Random Number Generators ←<br><a target="_blank" href="http://samvartaka.github.io/cryptanalysis/2017/01/03/33c3-embedded-rngs">http://samvartaka.github.io/cryptanalysis/2017/01/03/33c3-embedded-rngs</a></div><div class="single"><span id="tags">[取证分析]&nbsp;&nbsp;</span>Introducing rkt’s ability to automatically detect privilege escalation attacks on containers<br><a target="_blank" href="https://coreos.com/blog/rkt-detect-privilege-escalation.html">https://coreos.com/blog/rkt-detect-privilege-escalation.html</a></div><div class="single"><span id="tags">[无线安全]&nbsp;&nbsp;</span> Improvements in rogue ap attacks – mana 1/2<br><a target="_blank" href="https://sensepost.com/blog/2015/improvements-in-rogue-ap-attacks-mana-1-2/">https://sensepost.com/blog/2015/improvements-in-rogue-ap-attacks-mana-1-2/</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>Operative - The Fingerprint Framework<br><a target="_blank" href="https://github.com/graniet/operative-framework">https://github.com/graniet/operative-framework</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>SensePost | Abusing file converters<br><a target="_blank" href="https://sensepost.com/blog/2015/abusing-file-converters/">https://sensepost.com/blog/2015/abusing-file-converters/</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>Fresh Veil - Automatically Generating Payloads<br><a target="_blank" href="https://bluescreenofjeff.com/2014-04-17-Fresh-Veil-Automatically-Generating-Payloads/">https://bluescreenofjeff.com/2014-04-17-Fresh-Veil-Automatically-Generating-Payloads/</a></div><div class="single"><span id="tags">[移动安全]&nbsp;&nbsp;</span>how to setup a rasperry pi 2 model b for wlan sniffing<br><a target="_blank" href="http://blog.x1622.com/2016/12/how-to-setup-rasperry-pi-2-model-b-for.html">http://blog.x1622.com/2016/12/how-to-setup-rasperry-pi-2-model-b-for.html</a></div><div class="single"><span id="tags">[数据挖掘]&nbsp;&nbsp;</span> Wadi fuzzer<br><a target="_blank" href="https://sensepost.com/blog/2015/wadi-fuzzer/">https://sensepost.com/blog/2015/wadi-fuzzer/</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>Mac Malware of 2016 | a cumulative analysis of new OS X malware<br><a target="_blank" href="https://objective-see.com/blog/blog_0x16.html">https://objective-see.com/blog/blog_0x16.html</a></div><div class="single"><span id="tags">[数据挖掘]&nbsp;&nbsp;</span> An evolutionary knowledge-based fuzzer<br><a target="_blank" href="https://github.com/CENSUS/choronzon">https://github.com/CENSUS/choronzon</a></div><div class="single"><span id="tags">[工具]&nbsp;&nbsp;</span>Beaconpire<br><a target="_blank" href="https://bluescreenofjeff.com/2016-11-29-beaconpire-cobalt-strike-and-empire-interoperability-with-aggressor-script/">https://bluescreenofjeff.com/2016-11-29-beaconpire-cobalt-strike-and-empire-interoperability-with-aggressor-script/</a></div><div class="single"><span id="tags">[编程技术]&nbsp;&nbsp;</span>一文读懂数据内容识别核心技术 <br><a target="_blank" href="http://blog.nsfocus.net/data-content-identification-core-technology/">http://blog.nsfocus.net/data-content-identification-core-technology/</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>[another] intercepting proxy<br><a target="_blank" href="https://sensepost.com/blog/2015/another-intercepting-proxy/">https://sensepost.com/blog/2015/another-intercepting-proxy/</a></div><div class="single"><span id="tags">[文档]&nbsp;&nbsp;</span>2016中国电脑恶意程序伪装与欺骗性研究报告<br><a target="_blank" href="http://www.freebuf.com/articles/system/124350.html">http://www.freebuf.com/articles/system/124350.html</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>Apache mod_rewrite Grab Bag<br><a target="_blank" href="https://bluescreenofjeff.com/2016-12-23-apache_mod_rewrite_grab_bag/">https://bluescreenofjeff.com/2016-12-23-apache_mod_rewrite_grab_bag/</a></div></section>
<section id="news">
        <pre style="margin-top: 15px; margin-bottom: 15px; padding: 6px 10px; max-width: 100%; color: rgb(62, 62, 62); background-color: rgb(255, 255, 255); -webkit-print-color-adjust: exact; border-width: 1px; border-style: solid; border-color: rgb(204, 204, 204); font-size: 13px; line-height: 19px; overflow: auto; border-radius: 3px; box-sizing: border-box !important; word-wrap: break-word !important;"><code class="" style="max-width: 100%; -webkit-print-color-adjust: exact; border-width: initial; border-style: none; border-color: initial; background-color: transparent; border-radius: 3px; box-sizing: border-box !important; word-wrap: break-word !important;">-----微信ID：SecWiki-----
SecWiki，5年来一直专注安全技术资讯分析！
SecWiki：https://www.sec-wiki.com</code></pre>
    <p style="max-width: 100%; min-height: 1em; color: rgb(62, 62, 62); font-size: 16px; white-space: normal; background-color: rgb(255, 255, 255); box-sizing: border-box !important; word-wrap: break-word !important;"><span style="max-width: 100%; font-size: 14px; box-sizing: border-box !important; word-wrap: break-word !important;">本期原文地址:<span style="max-width: 100%; font-family: Helvetica, arial, sans-serif; box-sizing: border-box !important; word-wrap: break-word !important;">&nbsp;<a href="https://www.sec-wiki.com/weekly/149">SecWiki周刊(第149期)</a></span><br style="max-width: 100%; box-sizing: border-box !important; word-wrap: break-word !important;"></span></p>
</section>
    </div><!-- content -->
</div>
    </div>
</div>

<div id="footer" class="footer">
		<div class="container"  style="margin-top: 5px;">
			<div class="span3">
				<div class="one-third column">
					<h5 class="title">
					<a target="_blank" href="/about/index">最新公告</a>						<span class="line"></span>
					</h5>
					<p>
						<a href='http://www.sec-wiki.com/about/donate'>2016-01-01 打赏功能开通</a><br>
						<a href='http://www.sec-wiki.com/about/join'>2015-01-05 如何加入SecWiki</a><br>
						<a href='http://www.sec-wiki.com/about/submit'>2014-08-08 如何快捷提交资讯</a><br>
						<a href='http://www.sec-wiki.com/about/index'>2012-07-01 关于SecWiki</a><br>
				</div>
			</div>

			<div class="span5">
				<div class="one-third column">
					<h5 class="title">
						<a target="_blank" href="/nav/index">友情链接</a>						<span class="line"></span>
					</h5>
					<p>
						<a href='https://www.secsilo.com/'>安全沙漏</a>&nbsp;
						<a href='http://www.freebuf.com/'>Freebuf</a>&nbsp;
						<a href='http://www.anquanquan.info/'>安全圈</a>&nbsp;
						<a href='http://navisec.it/'>Navisec</a>&nbsp;
                        <a href='http://das.scusec.org'>小黑屋</a>&nbsp;
                        <a href='http://www.polaris-lab.com/'>勾陈Lab</a>
                        <br>
						<a href='http://www.ijiandao.com'>网络尖刀</a>&nbsp;
                        <a href='http://www.shellpub.com/'>ShellPub</a>&nbsp;
                        <a href='http://www.secpulse.com/?secwiki'>SecPulse</a>&nbsp;
                        <a href='https://www.secquan.org/'>圈子</a>
                        <a href='http://bluereader.org/'>深蓝阅读</a>&nbsp;<br>
                        <a href='http://www.bugbank.cn/'>漏洞银行</a>
                        <a href='http://bobao.360.cn/'>安全客</a>
                        <a href='http://www.secfree.com/'>指尖安全</a>
                        <a href='https://www.easyaq.com/'>E安全</a>
                        <a href='http://www.vipread.com/'>安全slide</a>

                        <a href="/link">更多</a>
					</p>
				</div>
			</div>

			<div class="span2">
			    <div class="one-third column">
					<h5 class="title">
					<a target="_blank" href="/about/index">SecWiki公众号</a>						<span class="line"></span>
					</h5>
					<div style="margin-top:15px; width: 90px; height: 90px;">
						<img src="https://secwiki.b0.upaiyun.com/weixin.jpg">
					</div>
				</div>
			</div>

			<div class="span2">
				<div class="one-third column">
					<h5 class="title">
					<a target="_blank" href="/about/donate">安全学术圈</a>					<span class="line"></span>
					</h5>
					<div style="margin-top:15px; width: 90px; height: 90px;">
						<img src="https://secwiki.b0.upaiyun.com/secquan.jpg">
					</div>
				</div>
			</div>

		</div>
		<div class="container" style="margin-top:5px;margin-bottom: 10px;">
			<div class="span9">
					Copyright &copy;
					2019                    琼ICP备16003361号-4
                    SecWiki
					<a href="/news/rss">
						<img src="/img/rss.gif" border="0" width="36px" height="14px" alt="订阅SecWiki">
					</a>
					<a href="https://www.upyun.com/">
						<img src="https://secwiki.b0.upaiyun.com/upyun.png" width="80" border="0" alt="UPYUN">
					</a>
					<a href="http://www.vultr.com/?ref=6885244">
						<img src="https://secwiki.b0.upaiyun.com/vultr.png" width="100" border="0" alt="vultr">
					</a>&nbsp;&nbsp;
			</div>
		</div>
</div><!-- footer -->
<div id="csswithjs">
        <script type="text/javascript">
            var _bdhmProtocol = (("https:" == document.location.protocol) ? " https://" : " http://");
            document.write(unescape("%3Cscript src='" + _bdhmProtocol + "hm.baidu.com/h.js%3Fbad84ea1f314383f8da7949aad5c2199' type='text/javascript'%3E%3C/script%3E"));
    </script>
</div>
<script type="text/javascript" src="https://secwiki.b0.upaiyun.com/js/bs.min.js"></script>
<script type="text/javascript">
/*<![CDATA[*/
jQuery(function($) {
jQuery('[data-toggle=popover]').popover();
jQuery('body').tooltip({"selector":"[data-toggle=tooltip]"});
jQuery('#yii_bootstrap_collapse_0').collapse({'parent':false,'toggle':false});
});
/*]]>*/
</script>
</body>
<!-- page -->
</html>
